<?php
/**
 * Action to reset a user's password		Registered as 'action/user/password/reset'
 *  
 * $email
 * $pass
 */

#################################################################
#								ACTION
#################################################################
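if($_CONTEXT==CONTEXT_ACTION){
	// Handles the reset request: input 'e' carries the account email and
	// 'c' the validation code. On a match the user is logged out, a new
	// password is set and emailed, and the browser is forwarded. Every
	// other path ends at the generic validation-failed message below.
	
	// NOTE(review): if blg_get_input() already returns a URL-decoded value,
	// this second urldecode() turns a literal '+' in an address into a
	// space -- confirm against the helper.
	$email= urldecode(blg_get_input('e'));
	$email_code= blg_get_input('c');
	
	if(blg_email_exists($email)){
		$user= blg_get_user_entity_by_email($email);
		$user_code= blg_user_get_validation_code($user);

		//VALIDATE
		// Normalise both sides to strings before comparing. Anything that is
		// not a string (or an int on the stored side) becomes '', so an array
		// input such as c[]=x can never match.
		$expected_code= (is_string($user_code) || is_int($user_code)) ? (string)$user_code : '';
		$supplied_code= is_string($email_code) ? $email_code : '';
		
		// The previous loose '==' treated numeric-looking strings as numbers
		// ("1e3" == "1000") and accepted an empty/null stored code against an
		// empty input. Require a non-empty stored code and compare the exact
		// bytes in constant time (hash_equals needs PHP >= 5.6).
		if($expected_code !== '' && hash_equals($expected_code, $supplied_code)){
			//LOGOUT
			blg_logout();
			
			//RESET PASSWORD
			// NOTE(review): the new password is only 5-8 characters, its length
			// comes from rand() (not a CSPRNG), and the randomness source of
			// random_string() is not visible here -- confirm it draws from
			// random_bytes()/random_int() and consider a longer fixed length.
			$new_password= random_string(rand(5,8));
			$user->change_password($new_password);			
			// NOTE(review): nothing in this block rotates or clears the
			// validation code; unless change_password() does, the same link
			// can be replayed to reset the password again -- confirm.
			
			//SEND EMAIL
			// The plaintext password is handed to the mail helper, so it ends
			// up in the user's mailbox. NOTE(review): a single-use, expiring
			// set-password link would avoid mailing a credential.
			blg_user_send_reset_password_email($user->guid, $new_password);
			
			//NOTIFY
			blg_session_set('show_login_form', array('email' => $email), TRUE);
			blg_focus('header_input_login_email');
			blg_msg_add(blg_echo('user:password:reset:done', array($email)));
			blg_msg_add(blg_echo('email:in:spam'));
											
			// NOTE(review): presumably forward() ends the request; if it
			// returns, the failure message below is queued as well -- confirm.
			forward(blg_get_site_url().'user/password/reset?e='.urlencode($email).'&'.blg_security_url());
		}	
	}
	
	// Unknown email and wrong code share this one message, so the text shown
	// does not reveal whether an account exists for the address.
	blg_msg_add(blg_echo('error:security:validation:failed'), true);
	forward();
	
}
#################################################################
#								ACCESS
#################################################################
elseif($_CONTEXT==CONTEXT_ACCESS){ 
	// 60*60*2 = 7200, i.e. the 120 minutes named in the trailing comment.
	// NOTE(review): presumably the lifetime in seconds of the security grant
	// read from the request; the helper is not visible here -- confirm.
	$_ACCESS= blg_security_grant_from_input(60*60*2); //120min
}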
